Over 40,000 Internet-Connected Cameras Exposed, Streaming Live Online

In a startling revelation for 2025, Bitsight TRACE has uncovered more than 40,000 security cameras openly accessible on the internet—streaming live footage from homes, offices, factories, and even sensitive datacenter rooms.

This widespread exposure, which Bitsight first flagged in 2023, shows no sign of improvement, leaving millions potentially vulnerable to unwitting surveillance, industrial espionage, and privacy invasion by anyone with a web browser and basic technical know-how.

Technical Background and Methodology

Bitsight TRACE’s latest research scanned the entire internet for HTTP-based and RTSP-based camera feeds. HTTP (HyperText Transfer Protocol) is the foundation of data communication for the web, while RTSP (Real-Time Streaming Protocol) is used specifically for streaming media. Both protocols are commonly supported by surveillance cameras for remote monitoring.

Scanning Methodology Example

A simplified example of how such scanning is performed (using common command-line tools on Linux):

# Example: scanning for open RTSP cameras using nmap
nmap -p 554 --script rtsp-url-brute <target-range>

# Checking whether a single host serves a page over HTTP
curl -v http://<IP_ADDRESS>:<PORT>/index.html

Such scans are typically performed using automated tools like nmap, Shodan, or custom-built crawlers that probe for default paths and ports used by cameras (such as /live.sdp or /cam/realmonitor, or ports 80 and 554).

Findings at a Glance

  • Total exposed cameras: 40,000+
  • Leading countries: United States (~14,000), Japan, Austria, Czechia, South Korea
  • Protocols: HTTP, RTSP
  • Access requirements: None (no authentication, or default credentials left unchanged)

Risks, Exploitation, and Real-World Impact

How Bad Actors Take Advantage

Accessing these cameras requires no sophisticated hacking. In many cases, a simple web browser is all that’s needed. Bad actors are actively discussing and selling access to exposed feeds on dark web forums. Here’s a sample of what a typical “camera for sale” listing might look like (fictionalized for security):

Technical Exploitation Scenarios

  1. Credential Stuffing: Attackers use lists of default usernames/passwords (admin/admin, root/12345) to gain access.
  2. Direct HTTP/RTSP Access: Cameras are often left with exposed streams, accessible via URLs like rtsp://<IP>:554/live.sdp.
  3. Automated Scanners: Tools like Shodan or custom scripts constantly scan the internet for vulnerable devices.

Table: Example Default Credentials for Common Camera Brands

Brand       Default Username    Default Password
D-Link      admin               (blank)
Hikvision   admin               12345
TP-Link     admin               admin
Dahua       admin               admin

What’s at Stake?

  • Residential: Live footage of living rooms, bedrooms, front doors.
  • Commercial: Whiteboards with confidential information, sensitive meetings, proprietary processes.
  • Industrial: Manufacturing secrets, inventory, critical infrastructure.
  • Public: Transportation cameras, hospital waiting rooms.

Recommendations for Camera Owners and Operators

Individuals

  1. Check Exposure:
    Try accessing your camera from a device outside your home network. If you can view the feed without logging in, your camera is exposed.
  2. Change Default Credentials:
    Immediately change default usernames and passwords to strong, unique combinations.
  3. Disable Remote Access:
    If you don’t need remote viewing, turn off internet access for your camera.
  4. Update Firmware:
    Regularly check for and install firmware updates from the manufacturer.

Organizations

  1. Use Firewalls and VPNs:
    Restrict camera access to internal networks or use VPNs for secure remote access.
  2. Monitor Access:
    Set up alerts for unusual login attempts or access from unexpected locations.
  3. Regular Audits:
    Periodically scan your network for exposed devices using tools like nmap or vulnerability scanners.

Sample Bash Script for Network Camera Audit

This script checks a local subnet for HTTP devices with “camera” in their response, which can help identify exposed cameras on your network.
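
An added example of such an audit (not the article's or Bitsight's script): it probes each address of a /24 you operate over HTTP and reports camera-like devices, noting whether each answered without HTTP authentication. The keyword list, port 80, the 2-second timeout and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit a /24 you operate for HTTP devices that look like cameras.
# Assumptions (not from the article): keyword list, port 80, 2-second timeout.

# Succeeds when the response text (headers + body) mentions a camera keyword.
looks_like_camera() {
    printf '%s\n' "$1" | grep -Ei 'camera|ipcam|webcam' >/dev/null
}

# Map status code + response text to a verdict:
#   no-http-auth   page served without HTTP authentication (may still be a
#                  login form, so confirm by hand)
#   auth-required  device demanded credentials
#   check-manually camera-like, but redirected or errored
#   not-camera     no camera keyword in the response
classify_response() {
    local status="$1" text="$2"
    looks_like_camera "$text" || { echo "not-camera"; return 0; }
    case "$status" in
        200)     echo "no-http-auth" ;;
        401|403) echo "auth-required" ;;
        *)       echo "check-manually" ;;
    esac
}

# Probe one host and print "<ip> <verdict>" if it looks like a camera.
probe_host() {
    local ip="$1" resp status verdict
    resp=$(curl -s -i -m 2 "http://$ip/" 2>/dev/null) || return 0
    status=$(printf '%s\n' "$resp" | tr -d '\r' | awk 'NR==1 {print $2}')
    verdict=$(classify_response "$status" "$resp")
    if [ "$verdict" != "not-camera" ]; then echo "$ip $verdict"; fi
}

# Probe .1 through .254 of the given prefix in parallel.
audit_subnet() {
    local prefix="$1" i
    for i in $(seq 1 254); do
        probe_host "$prefix.$i" &
    done
    wait
}

# Scan only when a prefix is supplied, e.g.: ./camera_audit.sh 192.168.1
if [ "$#" -ge 1 ]; then
    audit_subnet "$1"
fi
```

Any device reported as no-http-auth should be opened in a browser to confirm whether the feed itself is viewable without logging in.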

As surveillance technology becomes more accessible and easier to deploy, the risks of misconfiguration and cyber exposure grow exponentially. Bitsight TRACE’s findings documented in their report “Big Brother Is Watching (And So Is Everyone Else)” paint a stark picture: security cameras intended to protect us are, in many cases, doing the opposite.

To stay ahead of this threat, camera owners and operators must take proactive steps.

Change default passwords, disable unnecessary remote access, keep firmware updated, and monitor for suspicious activity. For organizations, enforce strict access controls via firewalls and VPNs, and regularly audit your network for vulnerabilities.

With over 40,000 cameras exposed globally, and likely many more undetected, now is the time to act.

The privacy and security of homes, businesses, and public spaces depend on it. For more detailed findings and actionable intel, visit the Bitsight portal and consult their Open Ports risk vector section.

Priya
